Cisco Cisco IOS Software Release 12.4(2)XB6
8
Release Notes for Cisco IAD2801 Series Integrated Access Devices with Cisco IOS Release 12.4(15)XY
OL-15504-03
Caveats
Caveats
For general information on caveats and the bug toolkit, see About Cisco IOS Release Notes located at
This section contains the following caveat information:
•
•
•
•
•
•
•
•
•
•
•
•
Open Caveats - Cisco IOS Release 12.4(15)XY5
There are no open caveats in this release.
Resolved Caveats - Cisco IOS Release 12.4(15)XY5
•
CSCsv04836
Multiple Cisco products are affected by denial of service (DoS) vulnerabilities that manipulate the
state of Transmission Control Protocol (TCP) connections. By manipulating the state of a TCP
connection, an attacker could force the TCP connection to remain in a long-lived state, possibly
indefinitely. If enough TCP connections are forced into a long-lived or indefinite state, resources on
a system under attack may be consumed, preventing new TCP connections from being accepted. In
some cases, a system reboot may be necessary to recover normal system operation. To exploit these
vulnerabilities, an attacker must be able to complete a TCP three-way handshake with a vulnerable
system.
state of Transmission Control Protocol (TCP) connections. By manipulating the state of a TCP
connection, an attacker could force the TCP connection to remain in a long-lived state, possibly
indefinitely. If enough TCP connections are forced into a long-lived or indefinite state, resources on
a system under attack may be consumed, preventing new TCP connections from being accepted. In
some cases, a system reboot may be necessary to recover normal system operation. To exploit these
vulnerabilities, an attacker must be able to complete a TCP three-way handshake with a vulnerable
system.
In addition to these vulnerabilities, Cisco Nexus 5000 devices contain a TCP DoS vulnerability that
may result in a system crash. This additional vulnerability was found as a result of testing the TCP
state manipulation vulnerabilities.
may result in a system crash. This additional vulnerability was found as a result of testing the TCP
state manipulation vulnerabilities.
Cisco has released free software updates for download from the Cisco website that address these
vulnerabilities. Workarounds that mitigate these vulnerabilities are available.
vulnerabilities. Workarounds that mitigate these vulnerabilities are available.
This advisory is posted at